Bugzilla – Bug 889429
VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid
Last modified: 2014-09-01 09:57:59 UTC
embargoed via https://bugzilla.samba.org/show_bug.cgi?id=10735 CRD is 2014-08-01 We have Samba 4.1.9 currently only in openSUSE 13.1 as a released product. Karolin Seeger drafted the advisory: =========================================================== == Subject: Remote code execution in nmbd == == CVE ID#: CVE-2014-3560 == == Versions: Samba 4.0.0 to 4.1.9 == == Summary: Samba 4.0.0 to 4.1.9 are affected by a == remote code execution attack on == unauthenticated nmbd NetBIOS name services. == =========================================================== =========== Description =========== All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root). ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 4.1.11 and 4.0.21 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. ========== Workaround ========== Do not run nmbd, the NetBIOS name services daemon. ======= Credits ======= This problem was found and the fix provided by Volker Lendecke, a Samba Team member working for SerNet <vl@sernet.de> https://www.sernet.de.
bugbot adjusting priority
https://build.opensuse.org/request/show/243457 openSUSE 13.1 talloc https://build.opensuse.org/request/show/243458 openSUSE 13.1 tdb https://build.opensuse.org/request/show/243459 openSUSE 13.1 tevent https://build.opensuse.org/request/show/243460 openSUSE 13.1 ldb https://build.opensuse.org/request/show/243461 openSUSE 13.1 samba Samba 4.1.11 requires ldb 1.1.17 which requires the version updates of talloc, tdb, and tevent.
openSUSE-SU-2014:1040-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (moderate) Bug References: 865627,884056,889429,889539,890005,890008 CVE References: CVE-2014-3560 Sources used: openSUSE 13.1 (src): ldb-1.1.17-3.4.1, samba-4.1.11-3.26.1, talloc-2.1.1-7.4.1, tdb-1.3.0-4.4.1, tevent-0.9.21-4.4.1
was released